How the Media Gets it Wrong On Infosec

Why arresting lulzsec won’t change anything

Federal law enforcement agencies from around the world have been working to arrest members of the group known as lulzsec. Love them or hate them lulzsec has changed how the public views hackers and hacking. It has brought more attention to the cyber world and the cultures that develop there, and they have changed how some hackers operate Instead of quietly hacking smaller websites or targets of personal interest, they hack or attempt to hack government targets and post about it on social network and public chat rooms. Lulzsec declared war on the US Government and others like them have answered the call to arms. By doing this lulzsec has ensured that even if they themselves are caught their cause will live on without them, in fact if caught this would only likely motivate their followers further.

These “daughter groups” seem based on their region , on twitter I have seen “lulzsec” based groups for brazil and there have been reports of graffiti tags showing the word “antisec” and lulzsec’s mascot image in San Diego, I do not know how many other groups such as this are out there, but considering lulzsec’s over 200,000 twitter followers the number could be significant. Considering law enforcement’s history with dealing with cell based groups if they seriously want to stop the antisec movement they are going to need a different approach than the one they are currently taking, fighting them directly is only going to expand the antisec movement and fuel its anger.

Right now lulzsec and its allies have the advantage because their operation is popular and costs very little to operate but does a significant amount of damage, while Government forces cost significant amounts of money to train and operate and do very little damage. Considering how slow that governments are to adopt change, even when it directly benefits them lulzsec and its allies will be at this for quite some time.

If the governments were truly serious about stopping this threat they would work to defuse the anger and outright hate people feel toward the government these days, they would take steps to show people that they are not the bad guys and stop taking such a hard approach. They would pay more attention to public perceptions and address the issues that people have in a honest and transparent manner, being answerable to the public when questions are asked. For example there may be a perfectly rational explaination as to why the FBI took servers that didn’t seem to have anything to do with lulzsec from DigitalOne, but the people will never know why because they won’t comment, and when they do people feel like what they are told does not really explain anything, so without answers from official sources right away, people will just draw logical conclusions based on the available evidence , and said evidence makes it look like the FBI has no idea what it is doing and they have good reason to believe that.

As of late the governments actions in public have been disastrous and it has gotten to the point where people feel compelled to act to stop it. People feel like their rights are being stripped away and that they have no control over their own private lives. They are afraid. So when someone comes along and is not afraid, and not only not afraid but willing and able to act against the target of their fears, they rally around them and support them, feeling less afraid to act themselves, and after enough time they lose all fear of any legal repercussions because they believe they are morally right. This is the point we are at right now, they have motivated and emboldened people that the government has alienated and ignored. Stopping lulzsec won’t stop antisec, in fact it will likely do the opposite. The game has been changed, and right now the only winning move is not to play.